Posted by admin on Monday, October 24th, 2011 (7,118 views)
Download EXE Radar Pro and install it. Download Ikarus T3 (T3 VDB + T3 Commandline Scanner) from http://updates.ikarus.at/updates/update.html and extract ikarust3scan.exe into C:\AVs\Ikarus\; place t3sigs.vdb in the same folder. Now open EXE Radar Pro and click the Behavioral tab, then open the Custom Scanners tab and put a check in Enable Custom Sca...
Posted by admin on Saturday, June 25th, 2011 (30,103 views)
While searching Google Images, we noticed a suspicious redirect: hxxp://epnfmackey. info/index.php?tp=81350e0ebb536599 It looks like the Blackhole Exploit Kit URL format. The malicious code can be found by analyzing the page source: the main redirect was created by this ma...
Posted by admin on Thursday, June 16th, 2011 (24,961 views)
Infected website: hxxp://somerandomiframedomain. com
Activity:
Connection Established - %ProgramFiles%\Internet Explorer\iexplore.exe - TCP - 92.38.232.92 - 80
Web Request - %ProgramFiles%\Internet Explorer\iexplore.exe - GET - somerandomiframedomain.com - /forum.php?tp=9c7447caf251fe78
File Cre...
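Both of the landing URLs quoted in these two posts share the same shape: a .php script whose only query parameter is tp carrying 16 hex characters. The following is an added example, not code from the original posts, that turns that observation into a heuristic and runs it over a few constructed proxy log lines. The "exactly one tp parameter, 16 hex digits" rule is this example's own assumption drawn from the two URLs above, not an authoritative Blackhole signature, so treat matches as leads to investigate rather than verdicts.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Heuristic derived from the two URLs quoted on this page: a .php script whose
# only query parameter is "tp" carrying 16 hex digits. This is an assumption
# about the landing-page shape, not an authoritative Blackhole signature.
TP_VALUE = re.compile(r"^[0-9a-fA-F]{16}$")

def looks_like_blackhole_landing(url):
    """True when url has the /<script>.php?tp=<16 hex> shape seen on this page."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith(".php"):
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    if set(params) != {"tp"}:          # any extra or missing parameter: no match
        return False
    return all(TP_VALUE.match(v) for v in params["tp"])

# Constructed proxy log lines (not from the original posts): "client method url status".
SAMPLE_LOG = """\
10.0.0.5 GET http://images.google.com/images?q=cat 200
10.0.0.5 GET http://epnfmackey.info/index.php?tp=81350e0ebb536599 200
10.0.0.7 GET http://somerandomiframedomain.com/forum.php?tp=9c7447caf251fe78 200
10.0.0.7 GET http://example.org/forum.php?tp=notahexvalue 200
10.0.0.9 GET http://example.org/index.php?tp=81350e0ebb536599&id=1 200
"""

def find_suspicious_requests(log_text):
    """Return (client, url) pairs for every log line whose URL matches the heuristic."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        client, url = fields[0], fields[2]
        if looks_like_blackhole_landing(url):
            hits.append((client, url))
    return hits

if __name__ == "__main__":
    for client, url in find_suspicious_requests(SAMPLE_LOG):
        print(f"{client} requested a suspected exploit-kit landing page: {url}")
```

Run against the constructed log, only the two requests with the exact tp-only shape are flagged; the line with a non-hex value and the line with an extra id parameter are ignored, which keeps the heuristic narrow enough to pivot on in proxy logs without drowning in forum.php noise.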
Posted by admin on Tuesday, June 14th, 2011 (11,775 views)
We are working on a free online automated malware analyzer; here are a few example reports generated by the sandbox from malware samples captured in the wild. We capture every URL requested by the malware and every new file dropped on disk, and we use Driver Radar Pro to block loading […]
Posted by admin on Wednesday, January 27th, 2010 (57,305 views)
A new, sophisticated web-based bot named SpyEye is circulating on the underground markets and looks like a possible successor to the well-known Zeus Trojan, given its feature set; its main objective is to steal bank accounts, credit cards, FTP accounts and other sensitive data from the victim's computer. SpyEye...
Posted by admin on Wednesday, January 27th, 2010 (57,748 views)
This second part, following our part 1 analysis, shows what the files we collected did once live. From the main loader we can extract the following useful strings:
msxslt3.exe
MsXSLT
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
\ntdll.dll
wininet.dll
Content-Type: application/x-www-form-ur...
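The string list above is the usual first triage step: the Run key points at autostart persistence, wininet.dll and the form-urlencoded Content-Type point at HTTP POST traffic, and msxslt3.exe is the name the loader will live under. As an added example, not part of the original analysis, the following extracts printable strings from a binary and tags them with those indicators. The sample bytes are a constructed stand-in with the strings from this post embedded, not the real loader, and the indicator labels are this example's own naming.

```python
import re

# Constructed stand-in for the loader (not the real sample): junk bytes with the
# strings quoted in this post embedded, plus a short run that must not be reported.
SAMPLE_BINARY = (
    b"MZ\x90\x00\x03\x00\x00\x00" + b"\xff" * 20
    + b"msxslt3.exe\x00" + b"\x01\x02" * 5
    + b"MsXSLT\x00"
    + b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"\x00" * 8 + b"\\ntdll.dll\x00wininet.dll\x00"
    + b"Content-Type: application/x-www-form-urlencoded\x00"
    + b"\x7f\x80\x90" * 4 + b"ab\x00"   # "ab" is shorter than min_len, so it is skipped
)

def extract_strings(data, min_len=4):
    """Return printable ASCII runs of at least min_len bytes, in file order."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]

# Indicator rules as (label, regex). The labels are this example's own naming,
# chosen to reflect what the strings in the post suggest about the loader.
INDICATORS = [
    ("autorun-persistence", re.compile(r"CurrentVersion\\Run\b", re.I)),
    ("http-post-capable",   re.compile(r"application/x-www-form-urlencoded", re.I)),
    ("wininet-networking",  re.compile(r"\bwininet\.dll\b", re.I)),
    ("executable-filename", re.compile(r"\b\w+\.exe\b", re.I)),
]

def classify_strings(strings):
    """Map each indicator label to the extracted strings that triggered it."""
    hits = {}
    for s in strings:
        for label, rx in INDICATORS:
            if rx.search(s):
                hits.setdefault(label, []).append(s)
    return hits

if __name__ == "__main__":
    found = extract_strings(SAMPLE_BINARY)
    for label, matched in classify_strings(found).items():
        print(f"{label}: {matched}")
```

Strings extraction on its own is only a hint about capability, not behaviour; the post's second half, watching what the files do once live, is what confirms which of these indicators are actually exercised.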
Posted by admin on Tuesday, January 26th, 2010 (13,863 views)
Today we will analyze a sample of rogue security software packed with a little-known packer named Mystic Compressor, which has been seen used mostly to pack rogue security software executables. Steve has successfully unpacked the sample, and this is his analysis: Call to VirtualProtect to make the data in […]
Posted by admin on Friday, December 4th, 2009 (14,952 views)
Users have reported to us another case of a massive blackhat SEO campaign used to redirect traffic to infected websites, with the goal of infecting visitors with the widespread and very dangerous TDSS Trojan. The blackhat SEO campaign targeted the most popular video streaming websites, such as YouTube and Metacafe, and the malicious files t...
Posted by admin on Tuesday, March 31st, 2009 (9,837 views)
Worm.IM.Sohanad is a worm that spreads via Yahoo Messenger and can infect every contact in your Yahoo Messenger contact list by sending them a text message containing a malicious HTTP link that pushes the recipient to download the worm. It is also possible for the worm to send an HTTP link that […]
Posted by admin on Sunday, March 29th, 2009 (416,199 views)
A user submitted a suspicious link that was present on his website as a hidden iframe. Malicious hidden iframes are mostly inserted into the HTML pages of legitimate websites by attackers who want to spread their malware, with the objective of infecting every user who visits the compromised website, and in most cases […]
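A site owner who suspects this kind of injection needs a quick way to list the iframes on a page that a visitor would never see. The following is an added example, not code from the original post: a small scanner built on the standard-library HTML parser that reports iframes hidden by zero (or 1px) dimensions, by display:none / visibility:hidden on the tag itself, or by a hidden ancestor element. The page fragment is constructed for the example, and the choice of which CSS and size tricks count as "hidden" is this example's own assumption; real injections also use script-generated iframes, which a static parse will not see.

```python
import re
from html.parser import HTMLParser

# Constructed page fragment (not the user's site): one visible embed, one iframe
# hidden by zero size, one inside a display:none div, one hidden by its own style.
SAMPLE_HTML = """\
<html><body>
<h1>Welcome</h1>
<iframe src="https://www.youtube.com/embed/abc" width="560" height="315"></iframe>
<iframe src="http://evil.example/in.php" width="0" height="0" frameborder="0"></iframe>
<div style="display:none"><iframe src="http://evil.example/x.html"></iframe></div>
<iframe src="http://also.example/" style="visibility:hidden;position:absolute"></iframe>
</body></html>
"""

# Assumption: these two CSS declarations are what we treat as "hiding".
HIDING_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# Elements that never get a closing tag, so they must not be pushed on the stack.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "param", "source", "track", "wbr"}

def _is_tiny(value):
    """Assumption: a width/height of 1px or less makes the frame effectively invisible."""
    if value is None:
        return False
    m = re.match(r"\s*(\d+)", value)
    return m is not None and int(m.group(1)) <= 1

class HiddenIframeFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []            # (tag, counted_as_hidden) for open elements
        self.hidden_ancestors = 0  # how many open ancestors carry hiding CSS
        self.findings = []         # (src, [reasons])

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden_here = bool(HIDING_CSS.search(a.get("style") or ""))
        if tag == "iframe":
            reasons = []
            if _is_tiny(a.get("width")) or _is_tiny(a.get("height")):
                reasons.append("zero-size")
            if hidden_here:
                reasons.append("css-hidden")
            if self.hidden_ancestors:
                reasons.append("hidden-ancestor")
            if reasons:
                self.findings.append((a.get("src"), reasons))
        if tag not in VOID:
            self.stack.append((tag, hidden_here))
            if hidden_here:
                self.hidden_ancestors += 1

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates unclosed inner elements.
        while self.stack:
            open_tag, counted = self.stack.pop()
            if counted:
                self.hidden_ancestors -= 1
            if open_tag == tag:
                break

def find_hidden_iframes(html):
    """Return [(src, reasons)] for every iframe a visitor would not see."""
    parser = HiddenIframeFinder()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for src, reasons in find_hidden_iframes(SAMPLE_HTML):
        print(f"hidden iframe -> {src} ({', '.join(reasons)})")
```

The visible YouTube embed is not reported, while the three hidden frames come back with the reason each was flagged, which is the information needed to grep the site's templates for the injected markup and to extract the src values for further analysis.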